1495 matches found
CVE-2025-1935
A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...
CVE-2025-27221
In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...
Linux Distros Unpatched Vulnerability : CVE-2019-18678
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits...
Linux Distros Unpatched Vulnerability : CVE-2017-12180
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execu...
Malicious code in linkedin-test (npm)
--- -= Per source details. Do not edit below this line.=-...
Linux Distros Unpatched Vulnerability : CVE-2011-2372
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the...
PUB-A-365755647
there is a possible DoS due to a logic error in the code. This could lead to remote proximal/adjacent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-21818
No description is available for this CVE...
BELL-CVE-2025-21786
Bulletin has no description...
BELL-CVE-2025-21796
Bulletin has no description...
BELL-CVE-2024-58002
Bulletin has no description...
BELL-CVE-2024-57975
Bulletin has no description...
CVE-2022-49444
In the Linux kernel, the following vulnerability has been resolved: module: fix eshstrndx.shsize=0 OOB access It is trivial to craft a module to trigger OOB access in this line: if info-secstringsstrhdr-shsize - 1 != '\0' BUG: unable to handle page fault for address: ffffc90000aa0fff PGD 10000006...
CVE-2022-49522
In the Linux kernel, the following vulnerability has been resolved: mmc: jz4740: Apply DMA engine limits to maximum segment size Do what is done in other DMA-enabled MMC host drivers cf. host/mmci.c and limit the maximum segment size based on the DMA engine's capabilities. This is needed to avoid...
CVE-2022-49536
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock During stress I/O tests with 500+ vports, hard LOCKUP call traces are observed. CPU A: nativequeuedspinlockslowpath+0x192 rawspinlockirqsave+0x32 lpfchandlefcperr+0x4...
CVE-2022-49318
In the Linux kernel, the following vulnerability has been resolved: f2fs: remove WARNON in f2fsisvalidblkaddr Syzbot triggers two WARNs in f2fsisvalidblkaddr and isbitmapvalid. For example, in f2fsisvalidblkaddr, if type is DATAGENERICENHANCE or DATAGENERICENHANCEREAD, it invokes WARNON if blkadd...
OSV-2025-175 UNKNOWN READ in insert_free
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=399390672 Crash type: UNKNOWN READ Crash state: insertfree chunkobjalloc pdfiobjectalloc...
CVE-2022-49178
In the Linux kernel, the following vulnerability has been resolved: memstick/msproblock: fix handling of read-only devices Use setdiskro to propagate the read-only state to the block layer instead of checking for it in -open and leaking a reference in case of a read-only device...
CVE-2022-49350
In the Linux kernel, the following vulnerability has been resolved: net: mdio: unexport init-annotated mdiobusinit EXPORTSYMBOL and init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated init. The access to a free...
CVE-2022-49202
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciuart: add missing NULL check in h5enqueue Syzbot hit general protection fault in pmruntimeresume. The problem was in missing NULL check. hu-serdev can be NULL and we should not blindly pass &serdev-;dev somewhere,...